CVE-2022-24766 - OpenCVE

Vendors	Products
Mitmproxy	Mitmproxy

Link	Providers
https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b
https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3
https://mitmproxy.org/posts/releases/mitmproxy8/

{"containers": {"cna": {"affected": [{"product": "mitmproxy", "vendor": "mitmproxy", "versions": [{"status": "affected", "version": "<= 7.0.4"}]}], "descriptions": [{"lang": "en", "value": "mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-21T18:50:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b"}, {"tags": ["x_refsource_MISC"], "url": "https://mitmproxy.org/posts/releases/mitmproxy8/"}], "source": {"advisory": "GHSA-gcx2-gvj7-pxv3", "discovery": "UNKNOWN"}, "title": "Insufficient Protection against HTTP Request Smuggling in mitmproxy", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24766", "STATE": "PUBLIC", "TITLE": "Insufficient Protection against HTTP Request Smuggling in mitmproxy"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "mitmproxy", "version": {"version_data": [{"version_value": "<= 7.0.4"}]}}]}, "vendor_name": "mitmproxy"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3", "refsource": "CONFIRM", "url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3"}, {"name": "https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b", "refsource": "MISC", "url": "https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b"}, {"name": "https://mitmproxy.org/posts/releases/mitmproxy8/", "refsource": "MISC", "url": "https://mitmproxy.org/posts/releases/mitmproxy8/"}]}, "source": {"advisory": "GHSA-gcx2-gvj7-pxv3", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:50.240Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mitmproxy.org/posts/releases/mitmproxy8/"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24766", "datePublished": "2022-03-21T18:50:10", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.240Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mitmproxy:mitmproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "41ABE70A-F0A7-4F97-A8F1-8B8D1BDD5663", "versionEndIncluding": "7.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds."}, {"lang": "es", "value": "mitmproxy es un proxy interactivo con capacidad de interceptaci\u00f3n SSL/TLS. En mitmproxy versiones 7.0.4 y anteriores, un cliente o servidor malicioso puede llevar a cabo ataques de contrabando de peticiones HTTP mediante mitmproxy. Esto significa que un cliente/servidor malicioso podr\u00eda pasar de contrabando una petici\u00f3n/respuesta mediante mitmproxy como parte del cuerpo del mensaje HTTP de otra petici\u00f3n/respuesta. Mientras que mitmproxy s\u00f3lo ver\u00eda una petici\u00f3n, el servidor de destino ver\u00eda m\u00faltiples peticiones. Una petici\u00f3n contrabandeada sigue siendo capturada como parte del cuerpo de otra petici\u00f3n, pero no aparece en la lista de peticiones y no pasa por los ganchos de eventos habituales de mitmproxy, donde los usuarios pueden haber implementado comprobaciones de control de acceso personalizadas o saneo de entradas. A menos que mitmproxy sea usado para proteger un servicio HTTP/1, no es requerida ninguna acci\u00f3n. La vulnerabilidad ha sido corregida en mitmproxy versiones 8.0.0 y superiores. Actualmente no se presentan medidas de mitigaci\u00f3n conocidas"}], "id": "CVE-2022-24766", "lastModified": "2022-03-29T16:49:43.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-03-21T19:15:11.613", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mitmproxy.org/posts/releases/mitmproxy8/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-444"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object